You are here

Home » API reference » simpleSAMLphp Authentication 8.3 » SimplesamlSubscriber.php

class SimplesamlSubscriber in simpleSAMLphp Authentication 8.3

Event subscriber subscribing to KernelEvents::REQUEST.

Hierarchy

  • class \Drupal\simplesamlphp_auth\EventSubscriber\SimplesamlSubscriber implements \Symfony\Component\EventDispatcher\EventSubscriberInterface

Expanded class hierarchy of SimplesamlSubscriber

1 string reference to 'SimplesamlSubscriber'
simplesamlphp_auth.services.yml in ./simplesamlphp_auth.services.yml
simplesamlphp_auth.services.yml
1 service uses SimplesamlSubscriber
simplesamlphp_auth_event_subscriber in ./simplesamlphp_auth.services.yml
Drupal\simplesamlphp_auth\EventSubscriber\SimplesamlSubscriber

File

src/EventSubscriber/SimplesamlSubscriber.php, line 19

Namespace

Drupal\simplesamlphp_auth\EventSubscriber
View source 
class SimplesamlSubscriber implements EventSubscriberInterface {

  /**
   * The SimpleSAML Authentication helper service.
   *
   * @var \Drupal\simplesamlphp_auth\Service\SimplesamlphpAuthManager
   */
  protected $simplesaml;

  /**
   * The current account.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $account;

  /**
   * A configuration object.
   *
   * @var \Drupal\Core\Config\ImmutableConfig
   */
  protected $config;

  /**
   * A logger instance.
   *
   * @var \Psr\Log\LoggerInterface
   */
  protected $logger;

  /**
   * The current route match.
   *
   * @var \Drupal\Core\Routing\RouteMatchInterface
   */
  protected $routeMatch;

  /**
   * {@inheritdoc}
   *
   * @param \Drupal\simplesamlphp_auth\Service\SimplesamlphpAuthManager $simplesaml
   *   The SimpleSAML Authentication helper service.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The current account.
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The configuration factory.
   * @param \Psr\Log\LoggerInterface $logger
   *   A logger instance.
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The current route match.
   */
  public function __construct(SimplesamlphpAuthManager $simplesaml, AccountInterface $account, ConfigFactoryInterface $config_factory, LoggerInterface $logger, RouteMatchInterface $route_match) {
    $this->simplesaml = $simplesaml;
    $this->account = $account;
    $this->config = $config_factory
      ->get('simplesamlphp_auth.settings');
    $this->logger = $logger;
    $this->routeMatch = $route_match;
  }

  /**
   * Logs out user if not SAML authenticated and local logins are disabled.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The subscribed event.
   */
  public function checkAuthStatus(GetResponseEvent $event) {
    if ($this->account
      ->isAnonymous()) {
      return;
    }
    if (!$this->simplesaml
      ->isActivated()) {
      return;
    }
    if ($this->simplesaml
      ->isAuthenticated()) {
      return;
    }
    if ($this->config
      ->get('allow.default_login')) {
      $allowed_uids = explode(',', $this->config
        ->get('allow.default_login_users'));
      if (in_array($this->account
        ->id(), $allowed_uids)) {
        return;
      }
      $allowed_roles = $this->config
        ->get('allow.default_login_roles');
      if (array_intersect($this->account
        ->getRoles(), $allowed_roles)) {
        return;
      }
    }
    if ($this->config
      ->get('debug')) {
      $this->logger
        ->debug('User %name not authorized to log in using local account.', [
        '%name' => $this->account
          ->getAccountName(),
      ]);
    }
    user_logout();
    $response = new RedirectResponse('/', RedirectResponse::HTTP_FOUND);
    $event
      ->setResponse($response);
    $event
      ->stopPropagation();
  }

  /**
   * Redirect anonymous users to the external IdP from the Drupal login page.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The subscribed event.
   */
  public function login_directly_with_external_IdP(GetResponseEvent $event) {
    if ($this->config
      ->get('allow.default_login')) {
      return;
    }

    // Check if an anonymous user tries to access the Drupal login page.
    if ($this->account
      ->isAnonymous() && $this->routeMatch
      ->getRouteName() == 'user.login') {

      // Get the path (default: '/saml_login') from the
      // 'simplesamlphp_auth.saml_login' route.
      $saml_login_path = Url::fromRoute('simplesamlphp_auth.saml_login')
        ->toString();

      // Redirect directly to the external IdP.
      $response = new RedirectResponse($saml_login_path, RedirectResponse::HTTP_FOUND);
      $event
        ->setResponse($response);
      $event
        ->stopPropagation();
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    $events[KernelEvents::REQUEST][] = [
      'checkAuthStatus',
    ];
    $events[KernelEvents::REQUEST][] = [
      'login_directly_with_external_IdP',
    ];
    return $events;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
SimplesamlSubscriber::$account protected property The current account.
SimplesamlSubscriber::$config protected property A configuration object.
SimplesamlSubscriber::$logger protected property A logger instance.
SimplesamlSubscriber::$routeMatch protected property The current route match.
SimplesamlSubscriber::$simplesaml protected property The SimpleSAML Authentication helper service.
SimplesamlSubscriber::checkAuthStatus public function Logs out user if not SAML authenticated and local logins are disabled.
SimplesamlSubscriber::getSubscribedEvents public static function Returns an array of event names this subscriber wants to listen to.
SimplesamlSubscriber::login_directly_with_external_IdP public function Redirect anonymous users to the external IdP from the Drupal login page.
SimplesamlSubscriber::__construct public function